Privacy, Tor and Robin Hood in the Academic World

We live in an age of very grey digital privacy laws. Laws surrounding privacy can become muddied when new technology is introduced into the mix and laws enacted years ago may not synergize with the technology we have today. This is a problem.

In libraries, the idea of privacy is not new. We deal with issues around privacy all the time. What data can we collect? Why would we want to collect data? It’s such a murky area because knowing what our users are doing, reading and researching can allow us to better gear our service back to those users. Is one user reading a lot of Stephen King? Maybe an email is sent when the latest Stephen King novel is ready for circulation. Since 1939, privacy has been one of the core values of the American Library Association. For all the good collecting data can do, it must be our first priority to protect our users’ data.

Privacy and Tor

I read about one library a few months ago that took an unconventional step to protect their users’ data, resulting in the Department of Homeland Security becoming involved.

In Lebanon, New Hampshire, a small public library (Kilton Public Library) partnered with the Library Freedom Project (LFP) to set up a Tor relay through their library. Tor stands for The Onion Router because the security and anonymity it provides masks the user’s IP like the layers of an onion. While the Tor browser can be used by anyone, an exit relay allows users to bounce their internet traffic through the library, making it nearly impossible to identify the starting point of the user. The Tor browser isn’t illegal, so what’s the problem? The Tor browser masks a user’s identity so well that it is a often used to hide pornography, drug trafficking, and other nefarious illegal activity. While it is highly advised that you do not set up a Tor exit node from your home or on your home internet connection, libraries are protected from legal threats by safe harbor provisions.

Protesters outside the Lebanon Public Library gathered to show support for running a Tor relay at the New Hampshire library

That said, there are many benefits to using the Tor network as well. Survivors of domestic abuse, journalists, whistleblowers, activists and even law enforcement can use the Tor browser in important and meaningful ways.

In New Hampshire, the Tor relay that was approved by the board in June and set up in July, was taken down just a few months later when the DHS contacted the Lebanon Police Department. After meeting with police and city officials the library pulled the plug on the project, but voted to reinstate the Tor relay at a later date.

Alison Macrina, the founder of Library Freedom Project compared the Tor network to city streets: “the city is not going to shut down its roads simply because some people choose to drive drunk” (Doyle-Burr, 2015).

It is also worth mentioning that since this whole ordeal started, New Hampshire has introduced a bill that will make it clear that libraries have the right to set up cryptographic privacy platforms on their computer systems. Furthermore, the proposed bill mentions Tor specifically as one of the privacy softwares that libraries can use to protect user privacy. One thing to note is that this bill only mentions public libraries being able to use Cryptographic Privacy Software. This doesn’t appear to be umbrella coverage for all libraries. Academic and special libraries could benefit from such a bill as well for users conducting private research.

A modern day Robin Hood in academia

Robin Hood statue, Nottingham Castle, England.

This all started in September of 2015, with the bill being proposed early in 2016. Just this past week I learned of a Russian-based scientist who posted 47 million academic papers online through Sci-Hub and guess what, Sci-Hub is accessed through the murky backwater browser Tor. Alexandra Elbakyan came up with the idea for Sci-Hub after finding herself paying out of pocket for research papers as a student. She attended Kazakhstan University where access to research papers was not as robust as some academic institutions.

I do not condone Sci-Hub or the actions Elbakyan has taken to sidestep the law. This is highly illegal and not only breaks copyright, but is also theft. It does, however, show the desperation that the research community has come to in accessing academic research. It brings to mind the English folklore story Robin Hood, who stole from the rich to give to the poor. There is an article online by Brian Resnick that explores in greater detail how and why Elbakyan created Sci-Hub. Of particular interest is a letter written by Elbakyan to Robert W. Sweet, the Senior Judge of United States District Court for the Southern District of New York about her situation.

Legal issues aside, this modern Robin Hood tale does identify a significant problem facing the academic publishing model today. Elbakyan sees several problems with the publishing model as it stands today.

Paywalls keep publicly funded research out of the public’s reach.

While publishers own the copyrights, they didn’t create the content. Researchers typically do not receive any royalties from the money their work generates.

This model only exists because academic journals confer prestige on authors. Authors willingly give up rights to their own research because they believe it will help their careers. (Resnick, 2016).

Even academic libraries (who spend large portions of their budgets on e resources) are feeling the slow vice of the academic publishing model clamping down. In 2012, Harvard University announced that it couldn’t afford publisher prices for academic journal packages and encouraged researchers to make their research open access and to resign from making their works published in subscription-based journals (Sample, 2012).

I am interested to see how Kilton Public Library uses their Tor browser moving forward (or perhaps I should say, how I don’t see them using it…) and how other libraries approach their online privacy policies. In New Hampshire, will we see other libraries take the steps that KPL has taken with HB 1508? Will other states adopt this progressive view on user rights to private online browsing? Will these types of bills expand to encompass academic and special libraries? It’s hard to say but I know that it is nice to see libraries fighting this hard for their patrons’ rights to privacy. Being the first one to push back will always be difficult, but it is necessary for true change to occur.

Please feel free to leave comments below. I am interested in seeing how others view KPL’s use of the Tor browser. Do you agree with libraries taking this extreme action to protect user privacy? Or do you see this creating even more issues?